CVE-2026-41073

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-016517)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016517 advisory. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Deni...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the usbmon module of the Linux kernel, the files drivers/usb/mon/monbin.c before version 5.19.15 and versions 6.x before 6.0.1 allow a user-space client to corrupt the internal memory of the monitor...

CVE-2026-35213

@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

CVE-2026-35213

@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

CVE-2026-34202

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

CVE-2026-34202

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...

0utmailauth (=1.0.0), @1023-ventures/ursa-core (>=0.5.2 <=0.5.3) +1991 more potentially affected by CVE-2026-1526 via undici (>=6.0.1 <=6.23.0)

undici NPM version =6.0.1, =0.5.2, =0.5.2, =1.3.7, =1.3.7, =1.3.7, =1.0.0, =1.0.0, =0.1.5-alpha.0, =1.0.9-beta.0, =0.5.21, =0.5.21, =0.1.0, =0.1.5 and more Source cves: CVE-2026-1526 Source advisory: SNYK:JS-UNDICI-15518068...

0utmailauth (=1.0.0), @1023-ventures/ursa-core (>=0.5.2 <=0.5.3) +1991 more potentially affected by CVE-2026-1528 via undici (>=6.0.1 <=6.23.0)

undici NPM version =6.0.1, =0.5.2, =0.5.2, =1.3.7, =1.3.7, =1.3.7, =1.0.0, =1.0.0, =0.1.5-alpha.0, =1.0.9-beta.0, =0.5.21, =0.5.21, =0.1.0, =0.1.5 and more Source cves: CVE-2026-1528 Source advisory: SNYK:JS-UNDICI-15518064...

0utmailauth (=1.0.0), @1023-ventures/ursa-core (>=0.5.2 <=0.5.3) +1991 more potentially affected by CVE-2026-1527 via undici (>=6.0.1 <=6.23.0)

undici NPM version =6.0.1, =0.5.2, =0.5.2, =1.3.7, =1.3.7, =1.3.7, =1.0.0, =1.0.0, =0.1.5-alpha.0, =1.0.9-beta.0, =0.5.21, =0.5.21, =0.1.0, =0.1.5 and more Source cves: CVE-2026-1527 Source advisory: SNYK:JS-UNDICI-15518072...

CVE-2025-12811 Cloud Suite and Privilege Access Service– HTTP request smuggling vulnerability

Improper Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 agent 6.0.1 or later. If you cannot upgrade to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000988)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000988 advisory. The LISTPOISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the...

Joomla! XSS Vulnerability (20260102)

Joomla! is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

CVE-2025-14366

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...

CVE-2025-14366 Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Product Creation

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...

CVE-2025-66546

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

CVE-2025-66546

Summary: CVE-2025-66546 affects Nextcloud Calendar. The vulnerability arises from the calendar’s handling of appointment IDs, allowing blind booking of appointments without knowledge of the appointment token. Affected software/versions (as documented): Nextcloud Calendar prior to 4.7.19, prior to...

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

Nextcloud Calendar 安全漏洞

Nextcloud Calendar is an open source calendar application from Nextcloud. A security vulnerability exists in Nextcloud Calendar versions prior to 4.7.19, prior to 5.5.6, and prior to 6.0.1, which stems from the calendar application allowing blind booking of meetings, which could lead to...